Already-patched security flaws affecting Progress Kemp LoadMaster and VMware vCenter Server are being actively exploited in the wild.
The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw was addressed by Progress Software in February 2024.
“Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated remote attacker to gain access to the system via the LoadMaster management interface, allowing arbitrary system commands to be executed,” the agency said.
Rhino Security Labs, which discovered and reported the flaw, said successful exploitation allows arbitrary commands to be executed on the LoadMaster when the attacker has access to the web administrator interface, giving them full control of the load balancer.
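To make the vulnerability class concrete, the following is an added illustration of an OS command injection in a web management handler and its hardened counterpart. It is constructed for this article and is not LoadMaster's code or Rhino Security Labs' proof of concept; the diagnostic handler, the `echo` stand-in for the real tool and the hostname allow-list regex are all assumptions.

```python
import re
import shlex
import subprocess

# Constructed example, not LoadMaster's code: a toy management-interface
# "diagnostic" handler. The vulnerable version splices an untrusted request
# parameter into a shell command string; the hardened version validates the
# value against an allow-list and passes it as a discrete argv element so
# no shell ever parses it.

# Assumption: the parameter is meant to be a hostname, so only hostname
# characters are acceptable.
HOST_RE = re.compile(r"^[A-Za-z0-9.\-]{1,253}$")


def run_diag_vulnerable(host: str) -> str:
    """Vulnerable: shell metacharacters in `host` become extra commands."""
    cmd = f"echo probing {host}"  # `echo` stands in for a real diagnostic tool
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_diag_hardened(host: str) -> str:
    """Hardened: reject anything outside the allow-list and avoid the shell."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {shlex.quote(host)}")
    result = subprocess.run(
        ["echo", "probing", host], capture_output=True, text=True, check=True
    )
    return result.stdout


def demo() -> dict:
    """Run both handlers against a constructed attacker-controlled value."""
    payload = "kemp.example; echo INJECTED"  # constructed attacker input
    out = run_diag_vulnerable(payload)
    try:
        run_diag_hardened(payload)
        blocked = False
    except ValueError:
        blocked = True
    return {
        # The second command ran: its output appears as its own line.
        "vulnerable_executed_injection": "INJECTED" in out.splitlines(),
        "hardened_blocked": blocked,
    }


if __name__ == "__main__":
    print(demo())
```

The fix is twofold: the allow-list rejects the value before anything runs, and the argv form means that even a value that slipped past validation would reach the program as a single argument rather than as shell syntax. Validation alone is not enough when the command is still assembled as a string.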
CISA’s addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers are now exploiting two security flaws in VMware vCenter Server that were demonstrated at the Matrix Cup cybersecurity competition held in China earlier this year.
CVE-2024-38812 (CVSS score: 9.8) and CVE-2024-38813 (CVSS score: 7.5) were originally patched in September 2024, although the company issued patches for the former a second time last month, saying the previous patches “didn’t fully resolve” the problem.
- CVE-2024-38812 – A heap overflow vulnerability in the DCERPC protocol implementation that could allow a malicious actor with network access to achieve remote code execution
- CVE-2024-38813 – An elevation of privilege vulnerability that could allow a malicious actor with network access to escalate privileges to root
Although there are currently no details on how these vulnerabilities are being exploited in real-world attacks, CISA has set a deadline of December 9, 2024, for Federal Civilian Executive Branch (FCEB) agencies to apply the patches for CVE-2024-1212 to protect their networks.
The development comes days after Sophos revealed that cybercriminals are actively exploiting a critical flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS score: 9.8) to deploy a previously undocumented ransomware called Frag.